Remote Code Exposure in Apple QuickTime and Darwin Streaming Server
CVE-2003-0423

Currently unrated

Key Information:

Vendor: Apple
Status: Darwin Streaming Server
Vendor: CVE Published:; 27 August 2003

Summary

The parse_xml.cgi component in Apple QuickTime and Darwin Streaming Server versions prior to 4.1.3g has a vulnerability that allows remote attackers to exploit the filename parameter. This flaw could enable attackers to access source code for parseable files, leading to potential further exploitation.

References

http://archives.neohapsis.com/archives/vulnwatch/2003-q3/...

mailing-listx_refsource_VULNWATCH

http://www.rapid7.com/advisories/R7-0015.html

x_refsource_MISC

Timeline

Vulnerability published
Aug 27, 2003
Vulnerability Reserved
Jun 11, 2003